Watcher – Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
![watcher logo](https://cdn-0.reconshell.com/wp-content/uploads/2021/09/watcher-logo.png)
Watcher is a Django & React JS automated platform for discovering new potential cybersecurity threats targeting your organisation.
It should be used on web servers and is available on Docker.
Watcher capabilities
- Detect emerging cybersecurity trends, such as new vulnerabilities and malware, via social networks & other RSS feeds (www.cert.ssi.gouv.fr, www.cert.europa.eu, www.us-cert.gov, www.cyber.gov.au…).
- Monitor for information leaks, for example in Pastebin & other IT content exchange websites (stackoverflow, github, gitlab, bitbucket, apkmirror, npm…).
- Monitor malicious domain names for changes (IPs, mail/MX records, web pages using TLSH).
- Detect suspicious domain names targeting your organisation, using dnstwist.
Useful as a bundle that groups automated threat hunting/intelligence features.
Additional features
- Create cases on TheHive and events on MISP.
- Integrated IOCs export to TheHive and MISP.
- LDAP & Local Authentication.
- Email notifications.
- Ticketing system feeding.
- Admin interface.
- Advanced user permissions & groups.
Involved dependencies
Screenshots
Watcher provides a powerful user interface for data visualization and analysis. This interface can also be used to manage Watcher usage and to monitor its status.
Threats detection
![Watcher threats detection](https://cdn-0.reconshell.com/wp-content/uploads/2021/09/Watcher-threats-detection-1024x631.png)
Data leaks
![Watcher keywords detection](https://cdn-0.reconshell.com/wp-content/uploads/2021/09/Watcher-keywords-detection-1024x559.png)
Malicious domain names monitoring
![Watcher malicious domain names monitoring](https://cdn-0.reconshell.com/wp-content/uploads/2021/09/Watcher-malicious-domain-names-monitoring-1024x617.png)
IOCs export to TheHive & MISP
![Watcher iocs export](https://cdn-0.reconshell.com/wp-content/uploads/2021/09/Watcher-iocs-export-1024x504.png)
Suspicious domain names detection
![Watcher malicious domain name detection](https://cdn-0.reconshell.com/wp-content/uploads/2021/09/Watcher-malicious-domain-names-detection-1024x559.png)
Admin interface
Django provides a ready-to-use user interface for administrative activities. We all know how important an admin interface is for a web project: user management, user group management, Watcher configuration, usage logs…
![Watcher admin interface](https://cdn-0.reconshell.com/wp-content/uploads/2021/09/Watcher-admin-interface-1024x558.png)
Installation
Create a new Watcher instance in ten minutes using Docker (see Installation Guide).
Platform architecture
![Platform architecture](https://cdn-0.reconshell.com/wp-content/uploads/2021/09/Platform-architecture-1024x516.png)
Get involved
There are many ways to get involved with Watcher:
- Report bugs by opening Issues on GitHub.
- Request new features or suggest ideas (via Issues).
- Make pull-requests.
- Discuss bugs, features, ideas or issues.
- Share Watcher with your community (Twitter, Facebook…).
Pastebin compliant
To use Watcher's Pastebin API feature, you need to subscribe to a Pastebin Pro account and whitelist Watcher's public IP (see https://pastebin.com/doc_scraping_api).